As an organization owner or member of the security manager role, you can now use the repository security advisories REST API to get all repository security advisories across your organization.
Learn more about repository security advisories.
GitHub environments can be configured with deployment branch policies to allow-list the branches that can deploy to them.
We are now security hardening these branch policies further by blocking runs triggered from forks with branches that match the protected branch name. We are also preventing tags with the same name as a protected branch from deploying to the environments with branch policies around protected branches.
Learn more about configuring environments with deployment protection rules to set up rigorous and streamlined guardrails for your deployments.
For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.
As an organization owner or member of the security manager role, you can now use the repository security advisories REST API to get all repository security advisories across your organization.
Learn more about repository security advisories.
Secret scanning's push protection feature prevents supported secrets from being pushed into repositories, and has to date been enabled at the repository, organization, or enterprise level.
Now, everyone across GitHub can enable push protection for themselves within your individual settings. This ensures your pushes are protected whenever you push to a public repository on GitHub, without relying on that repository to have push protection enabled.
To opt in, go to the "Code security and analysis" section of your personal settings. Next to "Push protection for yourself", click Enable.
GitHub will enable push protection for all GitHub Free individuals by default in January, 2024.